STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020

Deficient user or administrator training regarding the vulnerabilities with, and operation of, CODEC streaming

DISA Rule

SV-18868r1_rule

Vulnerability Number

V-17694

Group Title

RTS-VTC 2365.00 [IP]

Rule Version

RTS-VTC 2365.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

[IP]; In the event the VTU/CODEC is connected to an IP-based LAN, and if the CODEC supports streaming, perform the following tasks:
- Train CODEC user/operators and administrators regarding CODEC streaming addressing the following:
> User awareness regarding the vulnerabilities streaming from a CODEC presents to conference confidentiality.
> User awareness regarding accidental activation of streaming.
> How to recognize the displayed indication provided by the VTU that it is in streaming mode.
> How to terminate streaming, particularly if the CODEC should not be streaming.

Additionally, include this information in user agreements and guides.

Check Contents

[IP]; Interview the IAO to validate compliance with the following requirement:

In the event the VTU/CODEC is connected to an IP based LAN, and if the CODEC supports streaming, ensure users/operators and administrators of a VTU receive training regarding streaming that addresses the following:
- User awareness regarding the vulnerabilities streaming from a CODEC presents to conference confidentiality.
- User awareness regarding accidental activation of streaming.
- How to recognize the displayed indication provided by the VTU that it is in streaming mode.
- How to terminate streaming, particularly if the CODEC should not be streaming.
- The implementation and distribution of a temporary password for an approved CODEC streaming session using a one-time password that is not repeated and does not match any other user or administrative password.

Note: This is a requirement whether streaming from a CODEC is approved or not.

Interview VTC/CODEC administrators and user/operators to verify that they have received training on the vulnerabilities of streaming, recognition of CODEC streaming, and how to deactivate streaming when it is active. Have a sampling of these individuals demonstrate their knowledge.
This is a finding if deficiencies are found in any of these areas. Note the deficiencies in the finding details.

Documentable

False

Severity Override Guidance

[IP]; Interview the IAO to validate compliance with the following requirement:

In the event the VTU/CODEC is connected to an IP based LAN, and if the CODEC supports streaming, ensure users/operators and administrators of a VTU receive training regarding streaming that addresses the following:
- User awareness regarding the vulnerabilities streaming from a CODEC presents to conference confidentiality.
- User awareness regarding accidental activation of streaming.
- How to recognize the displayed indication provided by the VTU that it is in streaming mode.
- How to terminate streaming, particularly if the CODEC should not be streaming.
- The implementation and distribution of a temporary password for an approved CODEC streaming session using a one-time password that is not repeated and does not match any other user or administrative password.

Note: This is a requirement whether streaming from a CODEC is approved or not.

Interview VTC/CODEC administrators and user/operators to verify that they have received training on the vulnerabilities of streaming, recognition of CODEC streaming, and how to deactivate streaming when it is active. Have a sampling of these individuals demonstrate their knowledge.
This is a finding if deficiencies are found in any of these areas. Note the deficiencies in the finding details.

Check Content Reference

I

Potential Impact

The inadvertent or improper disclosure of sensitive or classified information to a caller of a VTU that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Other

Target Key

1418

Comments